Goodnotes Privacy Policy

Last Updated: September 2024

Old Version: August 2023

Protecting your privacy at Goodnotes

Your privacy matters to us as much as it does to you. At Goodnotes, we take great care in handling your personal data safely and responsibly.

Our privacy principles:

  • We never sell or rent your data or notebook content to third parties.
  • We don't access or collect data from your notebooks or documents without your permission.
  • We use limited, anonymized data to improve our services and meet legal obligations.

Data sharing policy:

We only share your data:

  • When you explicitly give us permission to do so and with the third parties specifically identified in this policy
  • To protect the rights, property, or safety of us, our customers, or others.

What we collect:

  • Basic personal data (name, email, country) when you register.
  • Anonymous statistical data (crash frequency, feature usage) to enhance the app experience.

If data is shared with third parties, we ensure they are bound by data protection agreements or confidentiality obligations. Please read our comprehensive Privacy Policy for more details. We update this regularly to follow the latest laws and best practices.

  • Goodnotes Limited and its affiliates (the "Company", "Goodnotes", "we", "our" or "us") are committed to protecting and respecting your privacy. We are a company with our registered office at 1 Bartholomew Lane, London, United Kingdom, EC2N 2AX. This privacy policy (or "Policy") sets out the basis on which any data and information the Company collects from you will be processed by the Company during your interactions with us, including through your use of the Goodnotes services, which includes the Goodnotes application (including Goodnotes iOS, Windows, Web application and Android), Goodnotes Cloud, Goodnotes Account and other software, features or content provided by us (including, without limitation, Goodnotes All Platforms, Goodnotes Beta, Goodnotes Experimental Features, Goodnotes AI, Goodnotes Marketplace, Goodnotes Business, Goodnotes Enterprise, Goodnotes Classroom and any other product or services that links to this Policy), as well as all functionality that Goodnotes makes available and any other product or services that links to this Policy, as well as all functionality that Goodnotes makes available (collectively, the "Services"). 

    Goodnotes provides the Services to: (i) commercial customers and educational institutions who procure the Services on behalf of their own end users ("Enterprise Users"); (ii) individual customers who access the Services via the Goodnotes application ("End Users"); and (iii) individuals who visit or communicate with us via the Goodnotes website and our Goodnotes Help Centre ("Website Users"). We have outlined in this Policy which sections of the Policy shall apply to Enterprise Users, End Users and Website Users respectively.

    Please note that we may provide you with additional privacy information which relates to our collection and processing of your data in the context of your use of specific Services. Any such additional privacy information should be read in conjunction with this Policy.

  1. 1. What kind of data is being collected and how do we collect it?

    We may collect and process "Personal Data" (which is defined as any data that identifies or can be used to identify you) about you when you visit, install, download, access, register for or use our Services, or contact us in relation to the Services. The nature of the Personal Data that we may process will be determined by how you are using our Services. We will only use your Personal Data as set out below and always in accordance with applicable data protection laws, including but not limited to the European Union's General Data Protection Regulation 2016/679 (the "EU GDPR"). together with the version of the EU GDPR which is incorporated into the domestic law of the United Kingdom (the "UK GDPR") (the EU GDPR and the UK GDPR are collectively referred to as the "GDPR"). We do not collect special categories of Personal Data (as defined in the GDPR), which means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation. We do not expect our users to share or provide us with special categories of Personal Data.
    1. Enterprise User Data 
      1. Information that you provide to us:

        Depending on the relevant circumstances and applicable local laws and requirements, we will collect some or all of the information listed below in relation to individuals at your organisation to enable us to provide our Services to you. To the extent applicable, such information may include
        • basic Personal Data about you (personal identifiers and contact information such as first name, family name, email address, organisation/education institution details, country and your language);
        • information that someone in your organisation or education institution has  chosen to tell us or share through a Service or that you have chosen to tell a Goodnotes staff member;
      2. We may attend conferences, trade shows, and other events where we collect contact information from individuals who interact with or express an interest in the Services.
      3. To the extent that you access our website, we will also collect certain data from you. If you would like more information about this, see Section 1.3 – Website Users.
      4. Goodnotes requires Enterprise Users to communicate the relevant parts of this Policy to any individuals whose personal data may be processed by Goodnotes in connection with the Enterprise User's receipt of the Services (e.g. relevant individuals at your organisation).
    2. End User Data
      1. Information that you provide to us: Depending on the relevant circumstances and applicable local laws and requirements, we will collect some or all of the information listed below in relation to you to enable us to provide our Services to you. To the extent applicable, such information may include;
        • basic Personal Data about you (personal identifiers and contact information such as first name, family name, email address, country and your language);
        • for certain support requests and issues, we may ask you to export and send us diagnostic data of your Goodnotes application which includes information necessary to diagnose and resolve issues you might experience with our Services including the titles of your documents, folders, and imported files;
        • any information that you choose to share through the Services which may be considered Personal Data, including any information that you upload containing details about you. But please note that we will not:
          • access or collect data (including any Personal Data) from your notes or documents without your permission; or
          • use your handwriting data to create an individual digital template or profile for the purpose of identifying you, and we therefore do not consider that we process any biometric data about you;
        Goodnotes Services are not intended for use by covered entities (as such term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) in the United States) for the transmission of Protected Health Information (as defined by HIPAA, 45 C.F.R. § 160.103), nor intended for the transmission of sensitive personal information (as defined by the California Consumer Privacy Act, Cal. Civ. Code §1798.140(ae), as amended) such as payment card or financial information (except when making a purchase), so please do not share this information with us.
      2. Information that we automatically collect or generate about you:
        • any information regarding the Services accessed and/or used by you and our interactions with you;
        • a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the Services which we have provided to you;
        • usage data when you visit or otherwise use the Services, including details of the location of the device used and IP address;
        • marketing and communications data collected regarding marketing, promotions and communicating new features; and
        • activity data relating to your usage of the Services, which reveal your preferences, interests, or manner of use of the Services and the times of use, e.g., IP address, device type, other unique device identification, storage usage, data usage, time zone settings, etc.
        Where possible, we anonymise statistical data about End Users and how they interact with the Services by using unique identifiers which are linked to user accounts but do not contain any Personal Data.
      3. We sometimes collect Personal Data provided to us by third parties, service providers, agencies or other publicly available sources where applicable. This includes (by way of non-exhaustive list):
        • social media features which may collect your IP address;
        • which page you are visiting on one of our sites or sub-domains; and
        • usage data when you visit or otherwise use the Services, including details of the location of the device used and IP address;
        • the use of Cookies to enable the feature or Service to function properly.
        • Features may also allow third party social media services to provide us with information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the third-party social media service.
        Features are either hosted by a third party or hosted directly in the Goodnotes Services. Your interactions with these features are governed by the privacy statements of the third-party companies providing them. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services.
      4. To the extent that you access our website, we will also collect certain data from you. If you would like more information about this, see Section 1.3 – Website Users.
      5. We will only use data relating to your use of the Services to improve the Services where you voluntarily provide feedback to us e.g. when you interact with Goodnotes AI that request your feedback or when you opt-in to share your conversation logs or you choose to share your notebook conversation logs with Goodnotes ("Feature Feedback").
    3. Website User Data
      1. Information that you provide to us and personal data we may collect: When you get in contact with us via our website, you provide us with your personal data, in the form of your name, email address and any other information that you choose to tell us either through communications that you send to us which pass through our servers.
      2. Information that we automatically collect or generate about you:
        We collect a limited amount of data from our Website Users that we use to help us improve your experience when using our website and to help us manage the services we provide. Such information may include (by way of a non-exhaustive list):
        • how you use our website;
        • the frequency with which you access our website;
        • internet protocol (IP) address
        • location and time zone; and
        • the language you choose to view our website in.
        We collect your data automatically via Cookies, in line with your Cookie settings in your browser. If you would like to find out more about Cookies, including how we use them and what choices are available to you, see Section 13 – Cookies.

  2. 2. What is this data being used for?

    1. Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
    2. When we use your Personal Data, we make sure that our usage complies with applicable data protection laws. The law allows or requires us to use your Personal Data for a variety of reasons. These include where:
      • we need to do so in order to perform our contractual obligations with our customers and third-party providers;
      • we have obtained your consent;
      • we have legal and regulatory obligations that we have to discharge;
      • we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
      • the use of your Personal Data as described is necessary for our legitimate business interests, such as:
        • allowing us to effectively and efficiently manage and administer the operation of our business and the Services;
        • to enforce contracts and applicable Terms of Use, including investigation of potential violations thereof;
        • maintaining compliance with internal policies and procedures;
        • monitoring the use of our copyrighted materials;
        • enabling quick and easy access to information on Goodnotes Learn and in the provision of the Services; and
        • protect against harm to the rights, property or safety of Goodnotes, our users, customers, or the public as required or permitted by law.
    3. Enterprise Users
      Why and how we process your information
      To set you up on our systems (including the creation of your account) so that you can enable your end users to use and access the features and functionality provided by the Services.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to provide our Services to the organisation that you represent and your end users.
      Why and how we process your information
      Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to our activities including changes to our terms or policies or modifications to the products or other important notices.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to ensure we have an accurate record of all Enterprise Users and their respective end users that receive our Services so that we can communicate with them.
      Why and how we process your information
      To obtain feedback on the Services from you and your end users via surveys and similar methods.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any extra information that you or a member of your organisation choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely, it is in our interests to improve and develop our offering by considering your feedback and your end users' feedback and feeding this into our processes where we deem necessary.
      Why and how we process your information
      To provide customer support and respond to customer inquiries e.g. via the submission form on our customer support page.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to respond to customer inquiries and to remedy any issues with the Services. We may also need to process your personal data to comply with our legal obligations.
      Why and how we process your information
      For the administration and maintenance of our databases storing Personal Data.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Information that someone in your organisation has chosen to tell us or that you have chosen to tell a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely to ensure that our databases are up to date and adequately maintained so that the provision of the Services and our business runs smoothly.
      Why and how we process your information
      To detect, prevent, or otherwise address fraud, security or technical issues.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any extra information that you or a member of your organisation choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely, it is in our interests for us to detect, prevent and address fraud, security and technical issues to ensure that we are in compliance with applicable laws and regulations, and that the provision of the Services and our business runs smoothly.
      Why and how we process your information
      To help us to establish, exercise, or defend legal claims.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Information that someone in your organisation has chosen to tell us or that you have chosen to tell a Goodnotes member
      • Emails with individuals in your organisation may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them.
    4. End Users
      Why and how we process your information
      To allow you to use and access the features and functionality provided by the Services.
      Types of Personal Data used
      • Personal identifiers and contact information.Personal identifiers and contact information
      • Diagnostic data.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to provide our Services to you.

      To perform a contract with you.

      We will rely on consent if we deem that this is required in the context of a specific Service.
      Why and how we process your information
      To set you up to use the Services, including creating and administering your account.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to provide our Services to you.

      To perform a contract with you.

      We will rely on consent if we deem that this is required in the context of a specific Service.
      Why and how we process your information
      To obtain feedback on the Services via surveys and similar methods, such as interactive features e.g. when you submit Feature Feedback.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to improve and develop our offering (including by improving our machine learning models) by considering your feedback and feeding this into our processes where we deem necessary.
      Why and how we process your information
      To provide customer support and respond to customer enquiries e.g. via the submission form on our customer support page.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to respond to customer inquiries and to remedy any issues with the Services. We may also need to process your personal data to comply with our legal obligations.
      Why and how we process your information
      To monitor your use of: (i) digital products (including planners, notebooks and stickers); and (ii) digital textbooks through digital rights management solutions.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Information that we automatically collect or generate about you e.g. whether you have attempted to take a screenshot of a digital product or textbook page.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to ensure the protection of our intellectual property and that of our third party partners.

      We may also need to process your personal data to comply with our legal obligations
      Why and how we process your information
      To allow you to register and participate in sweepstakes or contests.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to be able to inform you about and allow you to participate in any of our sweepstakes and contests and for other promotional, marketing and business purposes.We will obtain your consent (or ensure we can rely on soft opt-in consent) prior to sending you marketing communications.
      Why and how we process your information
      Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to our activities including changes to our terms or policies or modifications to the products or other important notices.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to ensure we have an accurate record of all of our End Users so that we can communicate with them.
      Why and how we process your information
      To communicate with you in order to provide you with the Services or information about us and the Services.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to ensure we have an accurate record of all of our End Users so that we can communicate with them.
      Why and how we process your information
      To allow us to tailor the information you see so that it is of most relevance to you.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to increase the relevance of the content that you see when using our Services and when we communicate with you.
      Why and how we process your information
      For optimising the Services and your experience using the Services, and for ongoing review and improvement of the information provided on the Services to ensure that it is user friendly.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to manage and maintain our provision of the Services to you.
      Why and how we process your information
      To take measures to protect against and try to prevent any potential disruptions or cyber-attacks.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data.
      Legal basis relied upon
      Legitimate interest, namely it is in our interests that the provision of the Services is uninterrupted and secure from any cyber-attacks.
      Why and how we  process your  information
      To understand your needs and interests and, where you have provided your consent, to send you marketing communications about our Services.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Any information / selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to manage and maintain the provision of the Services to you.

      We will obtain your consent (or ensure we can rely on soft opt-in consent) prior to sending you marketing communications.
      Why and how we process your information
      To provide you with technical and other support.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely to ensure that your access to the Services is continuous and satisfactory.
      Why and how we process your information
      For the management and administration of our business or in relation to a sale, reorganization, financing or other similar corporate transaction involving our business.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to ensure that a smooth handover or transition takes place in the context of such a transaction to enable you to continue to receive the Services.
      Why and how we process your information
      In order to comply with and in order to assess compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to be enabled to establish and evidence compliance with compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures. We may also need to process your personal data to comply with our legal obligations.
      Why and how we process your information
      For the administration and maintenance of our databases storing Personal Data.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely to ensure that our databases are up to date and adequately maintained so that the provision of the Services and our business runs smoothly.
      Why and how we process your information
      To detect, prevent, or otherwise address fraud, security or technical issues.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources 
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to detect, prevent and address fraud, security and technical issues to ensure that we are  in compliance with applicable laws and regulations, and  that the provision of the Services and our business  runs smoothly.
      Why and how we process your information
      To help us to establish, exercise, or defend legal claims.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources 
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them.
    5. Website Users
      Why and how we process your information
      To keep a record of your enquiries and suggestions and so that we can respond to them.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any information/selection that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to consider and respond to enquiries and suggestions that you submit to us.
      Why and how we process your information
      To help us to improve your experience when using our website and to help us manage the services we provide.
      Types of Personal Data Used
      • Information that we automatically collect or generate about you.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to manage and maintain our provision of our website to you.

  3. 3. Who is my data disclosed to?

    1. We may disclose your Personal Data to other companies within our group for the purposes set out in "What is this data being used for?" above, as well as to law enforcement and regulatory agencies as may be required by law.
    2. If you use certain features in the Services, such as collaboration features, the information contained in the content that you share, which will include any Personal Data contained in such content, will be shared with the individuals that you select or anyone else who they may share with. We will not share your information this way unless you direct us to do so through your use of the Services.
    3. When you create notes or documents when using the Services, these are stored on the Goodnotes application on your device - Goodnotes does not store your notes or documents on its own servers and does not access or collect such data without your permission. However, if you back up your notes or documents by using relevant functionalities that we provide, your data may be shared with third parties as follows:
      1. If you use Goodnotes Cloud to back up the notes or documents that you have uploaded onto the Goodnotes application or other Services (by turning on auto-backup on a compatible device), any Personal Data contained within these notes or documents will be saved on Goodnotes Cloud and therefore shared with the third parties that we use to power the infrastructure for Goodnotes Cloud. These third parties may be located in a country outside the UK and/or EEA – please refer to section 5 (International transfers of Personal Data) below. If you make any changes to any of your notes or documents (including to any Personal Data) that you have backed up on Goodnotes Cloud, we will automatically replace that copy in your cloud storage by sharing your updated notes and documents with the third parties that power the infrastructure for Goodnotes Cloud, so that your notes and documents are always up to date. We will not, however, access or collect data (including any Personal Data) from your notes or documents irrespective of whether they are stored on Goodnotes Cloud.
      2. We provide optional functionalities which allow you to sync your notes and documents on the Goodnotes application to your iCloud account. If you enable iCloud sync on a compatible device, any Personal Data contained within your notes or documents will be shared with iCloud so that any edits that you make to your notes and documents are saved on iCloud in real-time.
    4. We may disclose and transfer your Personal Data to our agents, contractors or vendors ("Service Providers"). When we do this, we will ensure that they are under a duty of confidentiality to us and we have imposed contractual obligations to ensure they can only use your Personal Data to provide agreed services to us and to you. Such Service Providers may provide administrative, data processing or other similar services to us to enable us to better provide the Services.
    5. We may provide your Personal Data to actual or proposed assignees or transferees of our rights with respect to you in connection with a merger, sale or transfer (whether of assets or shares), reorganization, liquidation or dissolution of a company within our group, or steps taken in anticipation of such events (e.g., due diligence in a transaction). In such cases, information will be only be shared where necessary.
    6. In particular, certain of the specific third parties that we disclose data to include:
      • In order to log aggregated statistical, non-Personal Data, we use Google Analytics for Firebase. 
      • We use Mailchimp for sending newsletters and tips and tricks to subscribers that subscribe voluntarily. 
      • To collect feedback and ideas in our idea forum, we use the service provided by UserVoice. In order to submit feedback to the forum, an account with UserVoice will need to be created. 
      • We use Amazon Web Services to power the infrastructure for Goodnotes Cloud. 
      • We use Datadog to collect diagnostic and usage data and monitor the infrastructure for Goodnotes Cloud. 
      • We provide optional functionalities which allow you to sync your files on the Goodnotes application to your iCloud account. 
      • We use Mixpanel and Amplitude to collect information about the usage of our app to maintain and improve the Goodnotes application, our products and services. and features. 
      • We use externally trained models, in particular large language models and embeddings models incorporated into services provided by Amazon Web Services to provide the functionality for Goodnotes AI. 
      • We use a digital rights management solution to monitor the use of certain  digital products released on Goodnotes Marketplace.  
      • We may use Zendesk by Zendesk Inc. or other third party providers to provide you with customer support services (including handling customer support emails, online submission of customer inquiries and Answer Bot functionalities on Goodnotes Help Centre). 
      • We use Paddle to assist us with processing payments data.
      • We use HubSpot to assist us with processing the data of our Enterprise Users for CRM purposes, including marketing activities.  
      • We may use Braze or other third party providers to notify you of important events about the Services and provide you with an enhanced user experience when using the Services. 
      • We may use Sprig, UserTesting, Google Forms, Lyssna and other third party tools from time to time for user research purposes.

  4. 4. Retention Process

    1. How long we will hold your Personal Data for will vary and will be determined by the following criteria:
      • the purpose for which we are using it – we will need to keep your Personal Data for as long as is necessary for that purpose; and 
      • legal obligations – laws or regulation may set a minimum period that we have to keep your Personal Data.

  5. 5. International transfers of Personal Data

    1. We are a global business. Our customers and our operations are spread around the world. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.
    2. When we transfer your Personal Data to another country outside the UK and/or EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside the UK and/or EEA, for example, this may be done in one of the following ways:
      • the country that we send the data to might be approved by relevant data protection authorities as offering an adequate level of protection for Personal Data; 
      • the recipient might have signed up to a contract based on “model contractual clauses” approved by relevant data protection authorities, obliging them to protect your Personal Data; 
      • the recipient may have adhered to binding corporate rules; or 
      • In other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.
    3. You can obtain more details of the protection given to your Personal Data when it is transferred outside the UK and/or EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as referred to in the “More Questions” section below.

  6. 6. Keeping your data secure

    1. We will use technical and organisational measures designed to safeguard your Personal Data, for example:
      • access to your membership, if you register with us, is controlled by your email and a password that is unique to you; 
      • we encrypt your Personal Data; 
      • any Personal Data that we process or store is done on secure servers.
    2. All processing of your Personal Data shall be conducted according to the data protection principles as follows:
      • Personal Data must be processed lawfully, fairly and transparently; 
      • Personal Data must be accurate and kept up to date with every effort to erase or correct; 
      • Personal Data must be processed in a manner that ensures the appropriate security.
    3. In addition, we have appropriate security measures in place designed to prevent Personal Data from being accidentally or unlawfully lost, used or accessed. We limit access to your Personal Data to those who have a genuine business need to access it. We take steps designed to ensure that those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to respond to data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  7. 7. Information about other individuals

    1. If you give us information on behalf of someone else, you confirm and represent that you have the consent of such person to do so and such person has appointed you to act on his/her behalf to:
      • give consent on his/her behalf to the processing and transfer of his/her Personal Data; and 
      • receive on his/her behalf any notices relating to data protection.  

  8. 8. Third Party Websites

    Our Services may contain links to other websites operated by third parties and may include social media features such as Facebook, Twitter, YouTube, and Instagram buttons or links. You may also submit content to our blog through Medium. These third-party websites may collect information about you if you click on a link or visit those websites, and the social media sites may automatically record information about your browsing behaviour every time you visit a website with a social media button. Your interactions with these features and third parties are governed by the privacy policy of the third party, not by this Policy.

  9. 9. Your rights Under the GDPR

    1. Under certain circumstances, you may have rights under data protection laws in relation to your Personal Data, which you can exercise free of charge. These rights include:
      • The right to know whether we hold your Personal Data and to request access to your Personal Data held by us.
      • The right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation.
      • The right to request that we rectify your Personal Data if it is inaccurate or incomplete.
      • The right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are legally entitled to retain it.
      • In some circumstances, the right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format and/or to instruct us to transmit that data to a third party.
      • The right to object at any time to your Personal Data being processed for direct marketing and in other certain circumstances, such as if we change our legitimate interests from the basis on which we initially collected and processed your Personal Data.
      • The right to request that we restrict our processing of your Personal Data in certain circumstances. We can only continue to store your data, and will not be able to carry out any further processing activities with it until either: (i) you consent; or (ii) further processing is necessary for either the  
      • establishment, exercise, or defence of legal claims, the protection of the rights of another individual, or reasons of important EU public interest.
      • The right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
    2. If you wish to exercise any of the above rights, or make any related complaint or request in relation to your Personal Data, please contact us by using the contact details in the “More Questions” section below. You may also exercise some of your rights (e.g. the right to request that we erase your Personal Data) via the Goodnotes application.
    3. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

  10. 10. Children

    Goodnotes does not knowingly collect personally identifiable information data directed at children under 13 according to the Children’s Privacy Protection Act (“COPPA”).

  11. 11. California Residents

    Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), California residents have certain rights regarding their “personal information” (as that term is defined under the CCPA). For a copy of our privacy notice to residents of California (United States), please go to our supplemental California Privacy Notice. Please refer to our supplemental California Privacy Notice for additional information about our activities and data practices subject to the CCPA.

  12. 12. Virginia Residents

    Under the Virginia Consumer Data Protection Act (the “VCDPA”), Virginia residents have certain rights regarding their “personal data” (as that term is defined under the VCDPA). For a copy of our privacy notice to residents of Virginia (United States), please go to our supplemental Virginia Privacy Notice.

  13. 13. Who is responsible for processing your Personal Data

    Details of the controller and company responsible for compliance with this Policy are set out in Annex 1.

  14. 14. Cookies

    To the extent that we collect Personal Data with the help of Cookies (which are small text files that include a small quantity of information sent to the browser of users, by a web server, and stored on the hard disk drive of a computer for purposes of archiving, collecting navigation data for statistical analysis purposes, and offering services related to your interests or location), we will process it in accordance with this Policy and our Cookies Policy which can be found at Cookies Policy.

  15. 15. More questions

    1. We commit to resolving complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints should first contact support@goodnotes.com.
    2. You also have a right to lodge a complaint with a competent supervisory authority situated in a member state of your habitual residence, place of work, or place of alleged infringement.

  16. 16. Changes to this policy

    The Company reserves the right to make changes to this Policy at any time by giving notice to its users on the site, the Goodnotes application, or as notified by us to you (by email for example), where possible. We recommend checking this page to stay up to date with the latest changes.

  17. ANNEX 1 – HOW TO CONTACT US

    The Goodnotes entity  responsible for processing  your Personal Data will  depend on which of the below  companies is the counterparty  associated with the relevant  arrangement

    How you can get in touch with us: 

    • to access, amend or take back the Personal Data that you have  given to us; 
    • if you suspect any misuse or loss of or unauthorised access to  your Personal Data; 
    • to withdraw your consent to the processing of your Personal  Data (where consent is the legal basis on which we process your  Personal Data); or 
    • with any comments or suggestions concerning this Policy.
    Goodnotes Limited
    You can write to us at the following address:
    legal@goodnotesapp.com at 1 Bartholomew Lane, London, United  Kingdom, EC2N 2AX.

    Alternatively, you can send an email to: support@goodnotes.com.

Legal

Terms and Conditions
Privacy Policy
California Privacy Policy
Virginia Privacy Notice
Cookie Policy
Take Down Requests Notice
Data Processing Addendum
Goodnotes for Business End User License Agreement (EULA)
Goodnotes uses cookies to enhance user experience and analyze traffic. Details of which cookies we use are available at our Cookie Policy. By continuing to browse the site, you accept cookies. You can withdraw your consent by adapting your preferences in the ‘preferences’ section.
PreferencesReject AllAccept All